gtm-design-play
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing data from external, potentially attacker-controlled sources.
- Ingestion points: The skill reads prospect data from
outreach-log/*.jsonland utilizes output from external scraping scripts such asscripts/techcrunch-funding-rss.pyandscripts/hn-show-scraper.py(which fetches data from HN Algolia API). - Boundary markers: The instructions lack specific boundary markers or "ignore embedded instructions" warnings for the agent when processing the content of these logs or scraped data.
- Capability inventory: The skill's primary capability is writing distilled patterns and generated copy to new files in the
plays/directory. - Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is interpolated into the play templates.
Audit Metadata